Does “End of Life” Really Exist?


As voice and communications technology continues to evolve offering more functionality and seamless integration between multiple locations or devices, you hear a lot about the “end of life” of your current system. This raises some questions: is the end of life of your system a real threat? How long do organizations have to migrate to newer technologies before reaching that threshold?

An interesting thing happened in the telecom industry just over 5 years ago: one of the biggest players (Nortel) disappeared while the competition shifted the focus to newer technologies, changing the entire dynamic of the offerings available to the market. Because Nortel was a giant in the marketplace, there were thousands of systems running of which the available functions just stopped evolving. This gap in the marketplace leads to the other big players in the game to campaign for the eradication of end of life equipment in an effort to drive your voice platform to the newly available technologies.

It seems that anywhere you look in the voice communications industry the push to move to the “latest and greatest” is implementing fear tactics to migrate organizations away from their current platforms. But what is the real truth when it comes to the phasing out of Nortel systems?

Before Nortel disappeared, they had successfully introduced an IP PBX solution which covered the first wave of the new voice technology available. The majority of the maintenance and upkeep for these systems fell into the hands of Avaya, whom immediately began campaigning for these businesses to leave the Nortel system and upgrade to the next generation of Avaya products. Other options were to utilize organizations that carry aftermarket parts and perform repairs or refurbishing.

Another reaction to this shift in the industry was the establishment of businesses that came in to purchase the Nortel systems once an organization chose to upgrade or switch to a platform that held manufacturer protection and maintenance – hence the abundant supply of aftermarket parts. Nortel systems are great products and the typical lifespan of the platform reaches 10, 15, or even 20 years.

So is there really an “end of life” that your organization needs to fear? Perhaps, but the immediate threat is nonexistent. For now there are enough operations in place that stock these aftermarket parts, or run repair and refurbishment labs, and can also offer maintenance agreements to keep the system protected long term. The trick is determining which of these organizations holds the most credibility. Obviously the best way to choose a legacy technology supplier or service provider is to look at how long they have been doing what they are doing, despite the pivotal shift in the industry when Nortel went away.

The Dirty Little Secret Your Carrier Provider Is Keeping From You


It’s no secret that carrier providers are less than transparent when dealing with your account, but there seems to be one big secret that the industry as a whole is trying to keep under wraps:

The cost of bandwidth is dropping significantly, and it has been for the past 3 years.

Why is this a big deal? Because you are likely still paying the same rates you were when the cost was higher. Armed with this knowledge there is no reason why you shouldn’t be paying less for your phone and internet bill, or getting faster, better, and more reliable connection for the amount that you’re already paying.

Is it really a surprise that you haven’t heard this information before? Consider other interactions you have had with your carrier provider and think about the overall lack of customer service you have received – especially for those of you that have had the unpleasant experience of dealing with your carrier in the event of an outage.

The most common issues organizations face when dealing with their carrier services is the lack of communication and service. On the carrier side, there are different departments of personnel to handle each stage: purchasing, implementation, service and the billing processes. As with any large organization, there are often instances of miscommunication and lack of attention to detail when accounts are passed through one department to another, resulting in a simple lack of ownership for your account.

In today’s market there is another option emerging for businesses to deal with their carrier services and telecom spend. There are organizations that can consolidate many of these challenges, offering a single point of contact that will work with the carriers on your behalf. In some cases, these providers are also capable of servicing your entire telecom and data architecture. The combination of these services under a single roof means that if you do have an outage or any type of issue, there is a single person that is responsible for taking care of everything – no more pointing fingers between carriers and system providers, and no more excuses.

It’s time for you to explore your true carrier options and find out how to save your organization money, as much as 50-60% less than what you are currently spending. Use the resources that are available to you in the market, and experience better customer service and ownership of your account. Find out more by emailing resource@trca.com, or call 866-347-0279 and ask about reducing your carrier services costs.

The IT Battlefield

You read a lot these days about how organizations that choose to continue to “march down legacy pathways,” and opt to replace their existing PBX systems with next generation gear built on fundamentally similar architecture are making some type of short-minded mistake. Manufacturer scare tactics and UC hype are encouraging a move to a unified communication and collaboration platform in order to keep up with the industry trends and available technologies. To be honest there are a lot of truths in what they are saying because these new systems and their extended functionalities are quite amazing– but on the other hand the sky is not falling for those of you that choose to remain on legacy platforms.

There is safety in continuing to work with the architecture familiar within your organization, and one cannot discount the advances in technology within these legacy platforms. Yes, the new generation of communications technology that has been developing over the past 7-10 years goes leaps and bounds beyond the capabilities of VoIP and standard PBX systems. And there is also a third option made up of plenty of under-sung products that help organizations obtain these types of features within their legacy systems without the expense of having to rip and replace an entire system. These bolt on solutions can be a cost-effective option for smaller organizations, or those comprised of multiple sites with mix-and-matched platforms compared to a total system overhaul.

When operating within an organization with several thousand extensions, the TCO (total-cost-of-ownership) and ROI (return-on-investment) of replacing an old system can be much more quickly realized. However for the small and mid-size markets, this may not always be the case. Of course, at the end of the day it all really depends on the capabilities of the vendor you use to implement whichever solution you choose fits your company the best.

The bottom line is when you are deciding what type of technology solution is best for your organization – whether it be to go forward with an upgrade to the latest and greatest, to side-step with a bolt-on solution such as the ones that Phybridge or ADTRAN offer, or simply upgrade to the next generation Cisco or Avaya IP solution – is that you need to consider your business strategy and each aspect of improvement you hope to accomplish.

If your organization operates on dial-tone alone, then there are plenty of options to maintain and extend your legacy architecture that will give you the updated features found in VoIP and UC. However if the changing market has driven your competitors and your industry to offer faster, more comprehensive customer care and the inherent business applications and analytics to improve overall business processes, then in order to stay competitive dial-tone is no longer enough and it may be time to bite the bullet to invest in a true UC solution.

Luckily there is a wealth of information, opinions, white papers and case studies to help you determine which direction is best for your organization. Additionally there are real live people that handle these situations and consult with companies to muddle through all of the propaganda out there. Finding a vendor that is willing to learn about you and the needs and challenges of your organization should be the first step in determining whether to stay with your legacy system or move to a new unified communications platform. Resellers that are vendor agnostic can help you determine the best fitting solution without the pressure of the manufacturer, while maintaining an unbiased opinion of what the “best” really is until they get to know your needs.

With all that said good luck in 2014! I hear that “this is the year” for new UC technologies. I expect quite a bit of bombardment as the battle between legacy and new technologies is coming to its climax. Learn More about TRCA.

We know technology, and we are here to help by offering consulting services in addition to providing the resources needed to implement new strategies or to extend the life of the technology platform an organization has already implemented. Ask us anything by submitting to resource@trca.com.

What’s in a New Phone System, Anyway?

One could guess that if you picked up the receiver for your desk phone right now, you would hear dial tone. And if you opened Google Chrome or Firefox, then you would have an internet signal – so why would anybody spend the time, effort, and money to replace a system that is functioning fine just the way it is?

The answer: because your competition is doing it, and they are able to provide better customer support than you. Need another reason? Because their employees can seamlessly access their work from home, from a customer site, or while taking their afternoon coffee break run.

Once upon a time these types of perks were implemented for the top executives in larger corporations. Today countless manufacturers, national re-sellers, and local mom & pop shops are offering solutions to unify your communication platforms and integrate your phone and network systems. We should know, TRCA is one of them. A key market trend will point to the fact that if technology wasn’t advancing in such a powerful and useful way, then we wouldn’t see this type of competition.

VoIP was introduced to the market in 2004, and although it rapidly became a widespread tool to reduce monthly phone costs, communication over the IP network seems to have reliability challenges and is perceived by many companies to produce more headaches than savings.

However what many organizations whom are not privy to the “voo-doo” of the technologies of communications platforms don’t realize is how far the technology has come over the past 10 years. These days many of these issues are no longer issues, just perceived challenges.

Today with the introduction of software-defined networks (SDN’s), more advanced capabilities of Wi-Fi, and the scalability of cloud services VoIP is quickly becoming a routine and standardized solution. What we do at TRCA is attempt to take all of these variables into consideration while working with a wide array of customers of different sizes and from a variety of industries to identify the actual challenges that are faced within an organization, and look past the perceived challenges of a unified communications platform.

Don’t stunt potential business growth or forego the opportunity to enhance your customer’s experience because of a lack of understanding of your organizations communications technology or the options available to you on the market. Take the initiative to learn more about your options, and to get a better understanding of how your telecom and network platforms affect your overall business strategy.

We know technology, and we are here to help by offering consulting services in addition to providing the resources needed to implement new strategies or to extend the life of the technology platform an organization has already implemented. Ask us anything by submitting to resource@trca.com.

How to Avoid SQL Injection

My favorite web hack of all time has to be the one perpetuated by LULZSEC on PBS. Two years ago, which seems like forever in today’s light speed media cycle time, which I think is a relativistic effect of modern media’s total lack of gravity, The LULZ Boat docked into the PBS server harbor, and using SQL injection hijacked the PBS NewsHours front page, posting the below news report – my favorite – note the byline.



Nowadays, the most common web app attack vector has to be the SQL Injection, which comes in all flavors and sizes. Toolkits on the interwebs come readily available for even the most unsophisticated neophyte. Footprinting for the ingénue is made easier by readily available Google Dork lists, and programs like Havij automate the heavy SQL lifting, making it child’s play to perform a SQL Injection. There are even “how to” tutorials on YouTube that can walk you through performing SQL injection attacks. “Script Kiddies of teh world Unite!”

What is SQL Injection? For those un-initiated into the mysteries and ancient logics of IT Security, SQL (Search Query Language) is the most common of Database Languages (MySQL, MSSQL, Oracle). A common application for SQL is the backend database for a webpage that is accessed by a user form; think banking forms, login pages, ticketing systems, etc…

The first step in performing SQL injection is to identify a vulnerable site (Google Dorks), then go through the process of using form entries as a Trojan horse to trick the backend database into executing SQL commands that can do anything from reveal information such as usernames and passwords, to dropping whole tables (Destroying the Data), or modifying the data.

An example would be to hack a website that has a form for emailing a lost password to a user. Instead of entering a valid username, a hacker would enter in some invalid sql character to determine if the user entered data was being concatenated directly into a SQL query (best case for a hacker), and then based on the response to the errors, try to execute SQL statements using the form.

How can something so insidious be allowed to exist on such a large scale you may wonder? I believe the answer to be laziness. In the rush to get services and web applications up and running, many times programmers follow the path of least resistance, creating a product as quickly and as un-thoroughly vetted as possible.

The process of safeguarding form entries from improper data is normally called sanitization or validation. This absolutely should not be the first step (although I believe it to be a sacrosanct rule to sanitize and validate all UI User entered data). The very first step, which blows my mind that I see people talk about permissions, or sanitization before broaching this topic, is to divorce the user entered data from the whole SQL query process. The easiest way to do this is through binding and stored procedures or prepared statements. Not only does it help to increase performance, the security benefit far outweighs the cost doing the code rewrites.

How does binding work? Think of it like this – when I use user data directly with SQL queries because of the way SQL is structured I can trick the statement into executing more than just the one statement it is supposed to. With binding, the only statement that gets executed is the exact one I want.
For example:
Wrong Way (This one is in Java. Almost all database interfaces have the ability to do this or something similar).

Statement FindUser = connection.createStatement();ResultSet r = FindUser.executeQuery(“SELECT userid from tablename where name = “+ FormData);

A SQL injection attack would look like this:

FindUser(“SELECT userid from tablename where name = “+ x OR name LIKE ‘%D%’; DROP TABLE tablename;”);

Right Way (This one is in Java. Almost all database interfaces have the ability to do this or something similar).

PreparedStatement finduser = connection.prepareStatement(“SELECT userid from tablename where name = ?”);finduser.setString(1, FormData);ResultSet r = finduser.executeQuery();

You could also make sure you filter the user input before it gets to the SQL parsing stage, and you could put tighter controls on your DB privileges using lowest permission levels required with role segmentation, all these things will surely help increase security. But the safest and strongest method of protection against SQL Injection, is to use binding.

If you have questions or would like more information, email me at resource@trca.com

Tune in next time….

How to Manage Technology in Your Business

How then should business leadership and IT Staff manage the technology of the workplace? Greater minds than I have written veritable libraries and created specialized training courses to answer these questions, and teach others to apply their systematic approachs. However trying to figure out which one is the best might be a trick greater than figuring out how to manage your technology.

You would be shocked, or perhaps not, to learn that here in the United States of America there is not a universal standard of IT Management, as you would find in most countries in Europe. I am of course referring to the Information Technology Infrastructure Library, a massive publication of the UK Government, which covers virtually every aspect of IT management and execution in not 1, not 2, but an awe inspiring 5 volumes which have been adopted by most major corporations and governments as a universal standard in Europe. At one point the first version of the ITIL consisted of 30 volumes, but even the British began to realize you could have way too much of a good thing, so they pared it down into something that could be read before the technology people were trying to manage became obsolete.

In case anyone cares the Five Volumes of the ITIL – and trust me, this is like a religion to uncounted techno-priests in the old country so the capitalization is completely called for:

• ITIL Service Strategy
• ITIL Service Design
• ITIL Service Transition
• ITIL Service Operation
• TIL Continual Service Improvement

Here in the US, the ITIL was never adopted, I think primarily because all the technology giants were hear for the most part, and each one was creating its own way of managing its own technology, think HP, IBM, Microsoft, Apple, etc… the majority of planning and executing IT strategy was folded into, and genetically recombined with the alphabet soup of Business Process Management, ERP, Six Sigma, Configuration Management, etc.. and we bred a hodgepodge of new acronyms, ITSM, APM, BSM. Everywhere you go, if a company does have the wherewithal to systemize their technology management, you can be sure that it is different than the company next door.

While we may pray for someday a universal standard, or a reasonable facsimile, the majority of us IT managers and service providers have to fish for ourselves, assimilating what works, and discarding the useless. I myself created a Managed Service package for my company that was heavily dependent on ITIL standards, breaking down the offerings into bite sized chunks for our customers. Regardless of what you do, there are a few cardinal axioms I believe every Company should follow. Once you have established a few guiding principles, everything should flow like molasses in the summertime.

1. Know how the business operates.
2. Know how the business is organized.
3. Know how people do their tasks.
4. If there is no visual process mapped out for workflows, it needs to be created.
5. Identify how customers interface with the business.
a. How does the business perceive how the customers perceive the business?
b. How does the customer actually perceive the business?
6. Identify how the business interfaces with customer.
7. Identify essential business data.
8. Identify each and every tool used to for managing and executing the above, and marry it visually in diagram to your process maps.
9. Create and maintain the following documents – i.e. conduct routine IT Assessments.
a. Physical and Logical Network Maps
b. Established Baseline for Servers and Workstations
c. Warranty Information on all Servers and PCs.
d. License Utilization Report
e. Software Inventory

Believe it or not, figuring out what exactly is going on is only the first step in learning to manage technology for a business. The major tasks, managing availability, managing incidents, managing problems (yes it is indeed a separate thing from managing incidents), managing information security, managing business continuity (DR), technology roadmapping, are all essential business technology tasks that must be performed.

Unfortunately in my experience I have found that often times small to mid sized businesses, colloquially known as SMB’s in the managed services industries, are not known to adequately invest money and personnel for technology. I have seen companies that produce upwards of 10 to 20 million in annual revenue that invest almost nothing into their technology.

I once met a self-proclaimed IT Director that had purchased a Wi-Fi controller from a big box store to provide internet access to trainees in 2 separate buildings. He didn’t understand why the network continually got jammed up. When a solution was proposed, the company stated that they were not able to spend the money to invest in the appropriate technology infrastructure needed ro run their business efficiently. I thought, How many orders lost, customers lost, or the potential for new business is lost because of the general lack of understanding of the impact that the correct technology has on a business?

And I get it, not everybody is an IT person, and because of our daily interactions with our own devices it is easy to think that managing technology is as simple as avoiding viruses – however in the business world effecient telecommunications and networking technology is just as important as a strategic business model or marketing plan. In fact, the companies that have made this connection holistically integrate technology solutions into their business and marketing strategies resulting in cost effective, high-efficiency performance of employees, and increases in sales and profits.

An Introduction

I recently was asked by our wonderful marketing guru, Michelle Keefer to contribute to a technology blog for TRCA (the company I work at). Apparently I agreed.

The first entry into this blog, I think, is a brief discussion on what technology is, and its role in the business organization. It is important for everyone to have an understanding of the meaning and place of technology. Far too often I find that people ken technology as some sort of mythical hand-wavium that possesses magical powers to alleviate any and all ailments, distempers, and imbalances in the humors. I believe that unfortunately things are marketed as “technology” simply because the marketroids are too lazy/unwilling to educate their customers on what exactly they are buying.

The word technology comes from the Greek (whom I am sure borrowed it from the Egyptians, heh heh) words tekhne and logia. Tekhne means ‘art’ or ‘skill’, and logia, rendered -logy, is used to mean the science and or study of something. Originally the word tekhnologia meant the scientific, or systematic study of an art or skill, however the word we use today, technology, has come to define the creation and use of technical means to achieve material objectives.

I personally like to think that technology can be defined as simply the art and science of tool use. We should view technology as the collection of various physical implements, processes, applications, and techniques used throughout all facets of culture, economy, and our lives to accomplish our goals. This tool and goal dynamic is a much more useful way of treating technology, especially in the work place.

We can say anything about humans, but if I were to pick something to say, it would be that humans are a tool using animal. As a matter of fact, members of the human genus have been using tools for 2.3 million years, and stone tools were used by some of the genara’s early possible ancestors, the Australopithecus africanus 3.4 million years ago. It has been theorized that the cognitive transformation from pre-historic Hominidae to modern Homo was in fact driven by tool use.

Thus history of man can also be viewed as the history of tools and technology.

The Raison d’etre for tool use is pretty self-evident, but bears repeating; we use tools to achieve a specific goal with a reduced amount of effort. This is my lazy definition of tool use. I could also say we use tools to achieve the best possible outcome, but this is hardly the case if we stop and seriously consider human nature. From a theoretical standpoint we can maybe combine the two viewpoints, and say that we use technology and tools should be used to achieve maximum output with minimum input. This may be the more useful viewpoint from a business sense as it allows for the measuring of a technology’s efficacy in achieving specific business goals.

By understanding the vast implications of technology, and when we re-consider how we think about technology in business, it becomes apparent that integrating technology into your business strategy is more fundamental than one might have initially thought it to be. Let us not be weary of conversations that include growing, adapting, or changing the technological processes in business, but rather embrace the evolution of technology just as we embrace the evolution of business, industry, and markets.